---
title: "Password Management & 2FA"
description: "How Bytebot handles authentication automatically using password managers"
---

# Automated Authentication with Bytebot

Bytebot can handle authentication automatically - including passwords, 2FA, and even complex multi-step authentication flows - when you set up a password manager extension.

<Note>
  **Important**: Password manager extensions are not enabled by default. You need to install them manually using the desktop view.
</Note>

## How It Works

Bytebot comes with 1Password built-in and supports any browser-based password manager extension. It can:

- Automatically fill passwords from the password manager
- Handle 2FA codes (TOTP/authenticator apps)
- Manage multiple accounts across different systems
- Work with SSO and federated authentication
- Store and use API keys and tokens

## Setting Up Password Management

### Option 1: 1Password (Recommended)

<Steps>
  <Step title="Install 1Password Extension">
    1. Go to the Desktop tab in Bytebot UI
    2. Open Firefox
    3. Install the 1Password extension from the Firefox Add-ons store
    4. Sign in to your 1Password account (or create a dedicated one for Bytebot)
  </Step>
  
  <Step title="Configure Vaults">
    In your 1Password admin panel:
    1. Create a vault called "Bytebot Automation"
    2. Add the credentials Bytebot needs
    3. Share the vault with Bytebot's account
    4. Set appropriate permissions (read-only recommended)
  </Step>
  
  <Step title="Enable Auto-fill">
    The 1Password extension will automatically:
    - Detect login forms
    - Fill credentials
    - Handle 2FA codes
    - Submit forms
  </Step>
</Steps>

### Option 2: Other Password Managers

You can use any browser-based password manager by installing it through the Desktop view:

<Tabs>
  <Tab title="Bitwarden">
    1. Open Desktop tab
    2. Launch Firefox
    3. Install Bitwarden extension from Firefox Add-ons
    4. Log in to your Bitwarden account
    5. Configure auto-fill settings in Bitwarden preferences
  </Tab>
  <Tab title="LastPass">
    1. Open Desktop tab
    2. Launch Firefox
    3. Install LastPass extension from Firefox Add-ons
    4. Log in with your enterprise account
    5. Accept any shared folders for automation credentials
  </Tab>
  <Tab title="KeePass">
    1. Open Desktop tab
    2. Install KeePassXC application if needed
    3. Install KeePassXC browser extension in Firefox
    4. Configure browser integration
    5. Load your KeePass database
  </Tab>
</Tabs>

## Handling Different Authentication Types

### Standard Username/Password

```yaml
# Task description
Task: "Log into our CRM system and export the customer list"

# Bytebot automatically:
1. Navigates to login page
2. Password manager detects form
3. Auto-fills credentials
4. Submits login
5. Proceeds with task
```

### Time-based 2FA (TOTP)

```yaml
# Task description  
Task: "Access the banking portal and download statements"

# Bytebot handles:
1. Enters username/password from password manager
2. When 2FA prompt appears
3. Password manager provides TOTP code
4. Enters code automatically
5. Completes authentication
```

### Complex Multi-Step Auth

```yaml
# Task description
Task: "Log into the government portal (uses email verification)"

# Bytebot can:
1. Fill initial credentials
2. Handle "send code to email" flows
3. Access webmail account (also in password manager)
4. Retrieve verification code from webmail
5. Complete authentication
```

## Enterprise Setup Guide

### Centralized Credential Management

<Steps>
  <Step title="Create Service Accounts">
    Set up dedicated service accounts for Bytebot:
    ```
    - bytebot-finance@company.com (banking portals)
    - bytebot-hr@company.com (HR systems)
    - bytebot-ops@company.com (operational tools)
    ```
  </Step>
  
  <Step title="Organize Password Vaults">
    Structure your password manager:
    ```
    Bytebot Vaults/
    ├── Financial Systems/
    │   ├── Banking Portal A
    │   ├── Banking Portal B
    │   └── Payment Processor
    ├── Internal Tools/
    │   ├── ERP System
    │   ├── CRM Platform
    │   └── HR Portal
    └── External Services/
        ├── Vendor Portal 1
        ├── Government Site
        └── Partner System
    ```
  </Step>
  
  <Step title="Set Rotation Policies">
    Configure automatic password rotation:
    ```javascript
    // Example automation for password rotation
    {
      "schedule": "monthly",
      "task": "For each credential in 'Rotation Required' vault, 
               update password in the system and save new password"
    }
    ```
  </Step>
</Steps>

### Security Best Practices

<CardGroup cols={2}>
  <Card title="Least Privilege" icon="shield-halved">
    Only share credentials Bytebot needs for specific tasks
  </Card>
  <Card title="Audit Logging" icon="scroll">
    Enable password manager audit logs to track access
  </Card>
  <Card title="Vault Isolation" icon="lock">
    Separate vaults by sensitivity level and department
  </Card>
  <Card title="Regular Reviews" icon="calendar-check">
    Audit Bytebot's credential access monthly
  </Card>
</CardGroup>

## Common Authentication Scenarios

### Banking and Financial Systems

```yaml
Scenario: Daily bank reconciliation across 5 banks

Setup:
- Each bank credential in password manager
- 2FA seeds stored for TOTP generation
- Bytebot's IP whitelisted at banks

Task: "Log into each bank account, download yesterday's 
       transactions, and consolidate into daily report"

Result: Fully automated, no human intervention needed
```

### Government and Compliance Portals

```yaml
Scenario: Weekly regulatory filings

Setup:
- Service account with 2FA enabled
- Password manager has TOTP seed
- Security questions stored as notes

Task: "Log into state tax portal, file weekly sales tax 
       report using data from tax_data.csv"

Handles: Password, 2FA, security questions, CAPTCHAs
```

### Multi-Tenant SaaS Platforms

```yaml
Scenario: Managing multiple client accounts

Setup:
- Credentials for each tenant/client
- Organized in password manager by client
- Naming convention: client-platform-role

Task: "For each client in client_list.txt, log into their 
       Shopify account and export this month's orders"

Scales: Handles 100+ accounts seamlessly
```

## Advanced Authentication Features

### SSO and SAML Integration

```yaml
# Bytebot can handle SSO flows
Task: "Log into Salesforce using Okta SSO"

Process:
1. Navigate to Salesforce
2. Click "Log in with SSO"
3. Redirect to Okta
4. Password manager fills Okta credentials
5. Handle any 2FA on Okta
6. Redirect back to Salesforce
7. Continue with task
```

### API Key Management

```yaml
# Store API keys in password manager
Password Entry: "OpenAI API Key"
- Username: "api"
- Password: "sk-proj-..."
- Notes: "Rate limit: 10000/day"

# Use in tasks
Task: "Configure the application to use our OpenAI API key 
       from the password manager"
```

### Certificate-Based Auth

```yaml
# For systems requiring certificates
Setup:
1. Store certificate password in manager
2. Mount certificate file to Bytebot
3. Configure browser to use certificate

Task: "Access the enterprise portal that requires 
       client certificate authentication"
```

## Troubleshooting Authentication

<AccordionGroup>
  <Accordion title="Password manager not auto-filling">
    **Solutions:**
    - Ensure extension is installed and logged in
    - Check site is saved in password manager
    - Verify auto-fill settings are enabled
    - Try refreshing the page
  </Accordion>
  
  <Accordion title="2FA code rejected">
    **Common causes:**
    - Time sync issues (check system clock)
    - Wrong TOTP seed saved
    - Site using non-standard 2FA
    
    **Fix:**
    ```bash
    # Sync system time
    docker exec bytebot-desktop ntpdate -s time.nist.gov
    ```
  </Accordion>
  
  <Accordion title="Session expiring during task">
    **Solutions:**
    - Enable "remember me" if available
    - Increase session timeout in target system
    - Break long tasks into smaller chunks
    - Use API access where possible
  </Accordion>
</AccordionGroup>

## Integration Examples

### Finance Automation Script

```python
# Example: Automated invoice collection
tasks = [
    {
        "description": "Log into vendor portal A and download all pending invoices",
        "credentials": "vault://Financial Systems/Vendor Portal A"
    },
    {
        "description": "Log into vendor portal B and download all pending invoices",  
        "credentials": "vault://Financial Systems/Vendor Portal B"
    },
    {
        "description": "Process all downloaded invoices through our AP system",
        "credentials": "vault://Internal Tools/AP System"
    }
]

# Bytebot handles all authentication automatically
```

### Compliance Automation

```yaml
Daily Compliance Check:
  Morning:
    - Log into regulatory portal (2FA enabled)
    - Download new compliance updates
    - Check our status
  
  If Non-Compliant:
    - Log into internal system
    - Create compliance ticket
    - Notify compliance team
  
  All credentials managed automatically
```

## Best Practices Summary

✅ **DO:**
- Use dedicated service accounts for Bytebot
- Organize credentials in logical vaults
- Enable 2FA on all accounts (Bytebot handles it!)
- Rotate passwords regularly
- Monitor access logs

❌ **DON'T:**
- Share personal credentials with Bytebot
- Store passwords in task descriptions
- Disable 2FA for convenience
- Use the same password across systems
- Ignore authentication errors

## Next Steps

<CardGroup cols={2}>
  <Card title="Task Examples" icon="list" href="/guides/task-creation">
    See auth in action
  </Card>
  <Card title="API Integration" icon="code" href="/api-reference/introduction">
    Programmatic credential management
  </Card>
</CardGroup>

<Note>
  **Game Changer**: With proper password manager setup, Bytebot can handle even the most complex authentication flows automatically. No more manual intervention for 2FA, no more sharing passwords insecurely, and no more authentication bottlenecks in your automation workflows!
</Note>